Learn how to use the Dig command to gather DNS information.
Dig stands for Domain Information Groper. It is a tool for querying DNS nameservers for information about host addresses, mail exchanges, nameservers and related information.
You can use Kali Linux for this lab.
Dig is a tool that can be used on either Linux or macOS. Dig comes pre-installed on Kali Linux and you can check its version using the following command:
The dig syntax looks like the following:
dig [@server] [name] [type]
We will begin by performing a simple dig command. Type the following into a terminal:
The above command returns a lot of information. There may be times when you only want the result of the query. This can be achieved in dig with the following command:
dig google.com +short
As you can see, there can be more than one IP for a host record.
This next command will get rid of all information before the answer section, for easier reading. We can specify this using the following command:
We can also specify the nameservers we wish to query using the following command:
This command queries the “google.com” record from the Name Server with IP address 188.8.131.52.
If we want to query all DNS record types, we can use the “ANY” option. This will display all the available record types in the output:
We can also look up a specific record. For example, if we want to get only the mail exchange section associated with a domain, we can use the following command:
dig google.com MX
We can query a number of specific record types using the following tags in place of MX:
TXT, CNAME, NS, A
We can trace the DNS path, similar to traceroute, using the following command:
It is also possible to make DNS queries for IP addresses.
Dig has a useful feature which allows you to perform a number of DNS lookups for a list of domains instead of doing the same for each one individually. This can be done by performing a lookup using a file:
dig -f domain_names.txt +short
It is possible to access domain verification data by making a DNS TXT query.
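As an added example (not part of the original lab), the shell functions below sort the TXT records returned by such a query into SPF, DMARC, domain-verification and other entries, which is a quick way to audit what a domain you manage publishes. The sample answer lines, example.com and the tokens are constructed, and the matching patterns are heuristic assumptions.

```shell
#!/usr/bin/env bash
# Added example: sort TXT answers from dig into SPF, DMARC, verification, other.
# Live use (needs network): dig +noall +answer example.com TXT | classify_txt

# Constructed sample of answer-section lines; domain and tokens are made up.
sample_txt_answer() {
cat <<'EOF'
; constructed sample, not real dig output
example.com.    300  IN  TXT  "v=spf1 include:_spf.example.com ~all"
example.com.    300  IN  TXT  "google-site-verification=CONSTRUCTED-TOKEN-0001"
example.com.    300  IN  TXT  "MS=ms00000000"
example.com.    300  IN  TXT  "some free-form note"
example.com.    300  IN  A    192.0.2.10
EOF
}

# Reads answer lines on stdin, prints: kind <TAB> owner name <TAB> TXT data.
classify_txt() {
  awk '
    /^;/ || NF < 5 || $4 != "TXT" { next }  # skip comments, blanks, other types
    {
      q = index($0, "\"")                   # TXT data starts at the first quote
      if (q == 0) next
      rdata = substr($0, q)
      gsub(/^"|"$/, "", rdata)              # drop the outer quotes only
      kind = "other"
      # Heuristic patterns (assumptions of this example, not an exhaustive list).
      if (rdata ~ /^v=spf1( |$)/)                          kind = "spf"
      else if (rdata ~ /^v=DMARC1/)                        kind = "dmarc"
      else if (rdata ~ /verification=/ || rdata ~ /^MS=/)  kind = "verification"
      printf "%s\t%s\t%s\n", kind, $1, rdata
    }'
}

# Prints one "kind=count" line per category, sorted by kind.
count_kinds() {
  classify_txt | cut -f1 | sort | uniq -c | awk '{ print $2 "=" $1 }'
}

# Demo on the constructed sample (runs offline).
sample_txt_answer | classify_txt
```

Verification tokens that are no longer needed can be removed from the zone once the corresponding service has been decommissioned, since each one reveals a third-party service the domain has used.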
Dig is a tool with multiple uses and can be very useful for gathering a broad range of DNS information about a target site.